LinuxQuestions.org


hazel 03-12-2024 02:01 AM

Anyone heard of Magnet Goblin?
 
It's a new financially-motivated malware campaign targeting one-day exploits (those for which a patch has only just come out) on both Windows and Linux.
https://arstechnica.com/security/202...-day-exploits/

rkelsen 03-12-2024 02:28 AM

There always seems to be a low signal-to-noise ratio when it comes to malware which targets Linux.

But I did find more details here: https://www.securityweek.com/magnet-...lnerabilities/

"Magnet Goblin was seen targeting publicly disclosed vulnerabilities in Ivanti VPNs (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893), Magento (CVE-2022-24086), Qlik Sense (CVE-2023-41265, CVE-2023-41266, and CVE-2023-48365), and possibly Apache ActiveMQ."

I'd suggest that if you're not running Ivanti VPN, Magento, Qlik Sense or Apache ActiveMQ, then you don't have anything to worry about.

If you are running one of those services, you should double-check your updates and set your firewall to deny all traffic to/from 172.86.66.165.
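
An added example, not part of the post above: one way to express the "deny all traffic to/from" suggestion as an nftables ruleset on a Linux host. The table, set and chain names, the hook priority and the log prefixes are assumptions chosen for illustration; only the address comes from the thread.

```nftables
# Added example: block one indicator address in every direction.
# Names (ioc_block, blocked_v4, inbound, outbound, forwarded) are hypothetical.
table inet ioc_block {
    # A named set, so further addresses can be added later without new rules.
    set blocked_v4 {
        type ipv4_addr
        elements = { 172.86.66.165 }
    }

    # Traffic addressed to this host.
    chain inbound {
        type filter hook input priority -10; policy accept;
        ip saddr @blocked_v4 counter drop
    }

    # Traffic originated by this host. A hit here means something local
    # tried to reach the address, so it is logged as well as dropped.
    chain outbound {
        type filter hook output priority -10; policy accept;
        ip daddr @blocked_v4 counter log prefix "ioc-block-out: " drop
    }

    # Traffic routed through this host (gateways, container and VM hosts).
    chain forwarded {
        type filter hook forward priority -10; policy accept;
        ip saddr @blocked_v4 counter drop
        ip daddr @blocked_v4 counter log prefix "ioc-block-fwd: " drop
    }
}
```

Load the file with `nft -f`, then read the counters with `nft list table inet ioc_block`. A drop verdict is final even when other tables accept the packet, and a non-zero counter on the outbound or forwarded destination rules is a reason to investigate the originating machine rather than just a blocked scan.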


All times are GMT -5.